First published: Thu Sep 28 2017(Updated: )
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
Credit: bressers@elastic.co
Affected Software | Affected Version | How to fix |
---|---|---|
Elastic X-Pack | =5.3.0 | |
Elastic X-Pack | =5.3.1 | |
Elastic X-Pack | =5.3.2 | |
Elastic X-Pack | =5.3.3 | |
Elastic X-Pack | =5.4.0 | |
Elastic X-Pack | =5.5.0 | |
Elastic X-Pack | =5.5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.